Windows Virtual Security

By ZulaZuza in Rogue Anti-Spyware Program | 290 views

Windows Virtual Security Description


Windows Virtual Security is a rogue anti-spyware program that pretends to remove imaginary malware infections and computer problems from your PC. When Windows Virtual Security installs itself on your PC, it states that your computer has been corrupted by an unidentified Trojan and urges you to run a quick system scan. If you follow its prompts, you will download and install the rogueware onto your machine. Windows Virtual Security then initiates fictitious system scans and reports numerous nonexistent malware threats. It also shows many fake security alerts claiming that your PC’s security is in danger and that the many malware threats detected on your system are keeping it from operating properly. Windows Virtual Security will slow down your PC’s performance, making it seem as if the slowdown is caused by the alleged infections, which you are told to remove at once using Windows Virtual Security. Its only aim is to steal your money. ESG’s malware analysts strongly advise affected users to uninstall Windows Virtual Security from their PCs as soon as possible using a reputable malware removal tool.

Type: Rogue AntiSpyware Programs

How Can You Detect Windows Virtual Security?

Windows Virtual Security Technical Report

As new Windows Virtual Security details are reported by our customers and findings from our Threat Research Center, we will update this section.

Fake messages for Windows Virtual Security:

The following fake error messages appear for Windows Virtual Security:

“Warning! Virus Detected Threat detected: FTP Server Infected file: C:\Windows\System32\dllcache\wmploc.dll”

“Warning! Identity theft attempt Detected Hidden connection IP: 58.82.12.124 Target: Your passwords for sites”

“Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. You need to clean your computer immediately to prevent the system crash”

“Error Key-logger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan”

“Trojan-PSW.Win32.launch Hack Tool:Win32/Welevate.A Adware.Win32.Fraud”


Windows Virtual Security Removal Details

Windows Virtual Security typically has the following processes in memory:

  • %AppData%\Protector-[rnd].exe

Windows Virtual Security creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe


This entry was last updated on 08/17/12 and posted on 08/9/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.